package com.qf.springboot.user.controller;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/order")
@Api(tags = "权限管理模块",description = "这个模块包含了用户权限管理相关的接口")
public class OrderController {

    @ApiOperation(value = "这是一个测试方法",notes = "该方法接收get请求,不用传参数")
    @RequestMapping ("/manager")
    public String manage(){

        //获取shiro的当前用户对象
        Subject subject = SecurityUtils.getSubject();

        if (subject.isPermitted("order:get")) {
            System.out.println("ok");
        }else {
            System.out.println("error");
        }

        //检查 当前用户是否有admin角色
        if (subject.hasRole("admin")){

            return "redirect:/order.html";
        }else {
            return "redirect:/error.html";
        }
    }


    /**
     * 加注解的方式校验身份和权限
     * */
    //@RequiresRoles({"admin","user"}) //用来判断角色  同时具有 admin user
    //@RequiresPermissions({"order:get","order:update"}) //用来判断权限字符串
    //@RequiresPermissions({"order:save:*"}) //需要当前用户具有 以 order:save 开头的所以权限
    @RequiresPermissions({"order:get","order:update"}) //需要当前用户具有 以 order:save 开头的所以权限
    @GetMapping("/save")
    public String save(){
        return "redirect:/order.html";
    }
}
